1. Field of the Invention
The present invention relates to the management of computer networks in which end stations in the network have the power management circuitry; and more particularly to techniques for securely issuing commands across the network to such end stations to wake-up or execute other system and power management functions.
2. Description of Related Art
Management of computer networks is accomplished in many systems by a central network management station which has access to end stations in the network for management functions. However, in complex network environments, many of the end stations are turned off at night or at other times when they are not in use, either manually or automatically by power management circuits. This prevents the network management station from gaining access to the end station, limiting the ability to effectively manage the network. Thus, technology has evolved which allows a remote network management station to wake-up an end station in the network to allow it to perform network management processes, or otherwise communicate with the end station. Such technology is referred to generally as Wake On LAN herein. The Wake On LAN feature of network adapter cards in personal computers allows network administrators to remotely boot powered off end systems. One popular technology for implementing the Wake On LAN feature is referred to as the "Magic Packet" technology, developed by Advanced Micro Devices, Inc. See "Magic Packet Technology--White Paper" Advanced Micro Devices, Inc., issued November 1995. One concern that the Wake On LAN feature creates is the potential for intruders acting remotely to power-up unattended systems, and attempt to penetrate them. This danger is more acute than that for already powered up systems, from one point of view, because their powered down state can be used as evidence that they are not being monitored for intrusion. Thus, Wake On LAN protocols present an avenue for hackers to gain access through a network to sleeping devices.
The "Magic Packet" technology developed by AMD involves transmission of a special packet which is identified by 16 duplications of the MAC address of the end station to be woken up without breaks or interruptions, inside a single packet. The network interface card is adapted to recognize this special packet, and signal the host system that it has received a Wake On LAN command.
One approach to providing security for the Wake On LAN feature involves transmitting a separate packet carrying a password. Before the network interface card issues a command to the host system, it must receive both the special Wake On LAN packet and the special password packet. This approach has a number of drawbacks, including the fact that packets can be snooped by other stations in the network, allowing the password to be learned by other parties. Also, the Wake On LAN packet sequence can be easily replayed by parties attempting to enter the system. In addition, the requirement of two packets requires complicated circuitry in the network interface card, increasing costs. Thus, the password packet approach provides limited security at increased costs.
It is desirable to provide a secure Wake On LAN system, and otherwise extend the Wake On LAN protocol for greater flexibility and functionality.